Date discovered: 22/06/2010
In the wild: Yes
Reported Infections: Low
Distribution Potential: Medium
Damage Potential: Low to medium
Static file: Yes
File size: 126.976 Bytes
MD5 checksum: 31c7f905e045a088a3a52eecb057f87d
VDF version:

 General Methods of propagation:
   • Email
   • Peer to Peer

   •  McAfee: W32/Palevo
   •  Kaspersky: P2P-Worm.Win32.Palevo.amzc
   •  Bitdefender: Trojan.Generic.KD.16644
   •  Microsoft: Trojan:Win32/Malagent
   •  Eset: Win32/SpamTool.Tedroo.AN

Platforms / OS:
   • Windows 2000
   • Windows XP

 Files:
It copies itself to the following location:
   • %systemdir%\msvmiode.exe

 Registry:
The following registry key is added in order to run the process after reboot:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "MSODESNV7"="%SYSDIR%\msvmiode.exe"

The following registry key is added:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
   • "ridt100413"="1"
   • "id"="52270412984101212438367851066542"
   • "host"="91.212.1**.**7"

 Mailing MX Server:
It has the ability to contact one of the following MX servers:
   • hotmail.com
   • yahoo.com
   • aol.com
   • google.com
   • mail.com

 Backdoor Contact server:
The following server is contacted:
   • update2.helo****.com

Description inserted by Mihai Dilimot on Thursday, August 12, 2010
Description updated by Mihai Dilimot on Thursday, August 12, 2010
